The Board of the California Privacy Protection Agency (CPPA) approved a rulemaking package covering Sections 7000–7304 of their draft regulations on February 3, 2023.

As it did last year, the California Attorney General's Office recognized Data Privacy Day by announcing its latest investigative sweep under the California Consumer Privacy Act (CCPA).

In response to the increased frequency and severity of data breaches in the telecommunications industry, the Federal Communications Commission recently published a Notice of Proposed Rulemaking that seeks to strengthen and broaden its breach notification r

Data security will be an enforcement priority for the FTC in 2023. The FTC, in its December 14, 2022, Commission meeting, highlighted four data security measures that it believes are particularly important for strong cybersecurity.

This Update discusses what these safeguards are and why the FTC believes they are so critical.

Last week, the period for comments closed on the California Privacy Protection Agency's (CPPA) latest version of the draft implementing regulations for the California Privacy Rights Act (CPRA) amendments to the California Consumer Privacy Act (CCPA) (Revised Regs).

This is the second in a series of updates addressing the bilateral data access agreement (Data Access Agreement or agreement) between the United States and the United Kingdom under the Clarifying Lawful Overseas Use of Dat

California and New York recently passed laws that seek to change how social media platforms and social media networks design and report their content moderation practices. The New York law will require a hateful conduct policy and reporting mechanism starting in December 2022. The California laws will impose content policy and transparency requirements starting in 2023 and 2024.

The Office of Science and Technology Policy (OSTP), a part of the Executive Office of the President, recently published a white paper titled "The Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People" (Blueprint)

Introduction

While candy sales skyrocketed and trick-or-treaters donned costumes this past Halloween weekend, the California Privacy Protection Agency (Agency) Board was busy holding its first public meeting since September.

Amazon and Microsoft won summary judgment in two class action lawsuits filed in federal court in the U.S. District Court for the Western District of Washington asserting violations of the Illinois Biometric Information Privacy Act.

After a five-day trial and only an hour of deliberation, the nation's first trial under the Illinois Biometric Information Privacy Act (BIPA) ended with a bang. The jury found that the defendant, BNSF Railway Company, recklessly or intentionally violated BIPA 45,600 times (once per class member), resulting in a $228 million judgment.

The Colorado attorney general's office sent shockwaves throughout the privacy world on September 30, 2022, when it published its proposed Colorado Privacy Act (CPA) draft rules (Draft Rules).

President Biden issued an executive order (EO) increasing protections and safeguards for personal data subject to signals intelligence activities.

Following the European Council's approval last week, the Digital Services Act (DSA) has been officially adopted, starting the countdown to the law's entry into force later this year.

Overview

2022 has been relatively quiet as it relates to state updates to breach notification laws, but Maryland made significant alterations to its general data breach notification law. Additionally, several other states made more minor changes, and the federal government issued or proposed several new data security and breach reporting requirements for certain types of entities.